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(54) A system and method for transmitting data via a wireless connection in a secure manner 



(57) A system and method for enabling a user of a 
remote controller to transmit a PIN over a wireless con- 
nection in a secure manner. In accordance with the 
present invention, a terminal device, used for conduct- 
ing transactions with a service provider, is coupled to 
the service provider via a data network and a display 
such as that of a television or personal computer. The 



same remote control device (either IR or RF) that is used 
to operate the display is also used to transmit an encod- 
ed PIN to the terminal. Session-specific coding rules for 
encoding the PIN are displayed to the user to guide him 
through the encoding process. Upon receipt of the en- 
coded PIN, the terminal decodes it, validates it and, if 
appropriate, perm its access to the requested transac- 
tion or service. 
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Example of the user interface display when a user's real PIN is '7654 
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Using the remote, 
please enter a 
number from 
set 1 which 
appears directly 
above the number 
in set 2 that 
corresponds to 
the first digit 
of your PIN. 



502 
1_ 



Set 1 \0\1\2\3\4\5\6\ 7 1 8f9l 



Set 2 1 4 \ 2 \ 7 \ 0 \ 8 \ 1 \ 6 \ 9 \ 5 \ 3 



I I I I — 



506 



Fig. 5A 



Printed by Jouve, 75001 PARIS (FR) 



1 



EP 1 271 887 A1 



2 



Description 

FIELD OF THE INVENTION 

[0001] This invention relates generally to wireless 
communications, and more particularly, to a system and 
method for enabling a user of a remote control device 
to transmit sensitive data over a wireless connection In 
a secure manner. / 

BACKGROUND OF THE INVENTION 

[0002] The use of infra-red and radio frequency re- 
mote controllers tacontrol electronic equipment such as 
televisions, set-top boxes (cable or satellite), personal 
computers, garage door openers, automobile locks and 
the like is well known. One drawback to the use of such 
controllers is the ease in which their signals can be in- 
tercepted by unscrupulous individuals with what is 
termed an "electronic grabber" for unauthorized use at 
a later time. Thus, to the extent that sensitive data is 
transmitted using such remote controllers, absent safe- 
guards, the transmission is anything but secure. 
[0003] A known way of avoiding interception of such 
signals is to position the controller and the equipment 
close to one another and transfer sensitive data, at a 
power level lower than that normally used for transmit- 
ting other.types of information. Since the power used to 
transmit the sensitive data is very low, it is difficult for a 
"grabber" to detect the data. However, having to place 
the remote controller and the equipment in close prox- 
imity of one another to avoid interception goes a long 
way toward eliminating the convenience associated with 
using a remote controller. 

[0004] Another known way to prevent the interception 
of signals is for the remote controller to encode sensitive 
data with a code that is changed automatically in both 
the controller and the equipment. In this manner, an un- 
authorized user who is able to detect the transmitted sig- 
nal is unable to access the equipment by reusing the 
same signal format. However, this technique requires 
the use of a specialized remote controller capable of 
performing the encoding process. 

SUMMARY OF THE INVENTION 

[0005] The above-identified problems are solved and 
a technical advance is achieved in the art by providing 
a system and method for enabling a user to enter data 
over a wireless connection in a secure manner. 
[0006] An exemplary method includes displaying 
rules for encoding data, receiving encoded data over a 
wireless connection and decoding the encoded data. 
[0007] In another embodiment, an exemplary method 
includes viewing rules for encoding data, encoding the 
data in accordance with the rules and transmitting the 
encoded data over a wireless connection. 
[0008] In an alternate embodiment, an exemplary 



method includes displaying rules for encoding a PIN , re- 
ceiving an encoded PIN over a wireless connection from 
a remote controller, decoding the encoded PIN, validat- 
ing the PIN and if the PIN is valid, authorizing an activity. 
5 [0009] In yet another embodiment, an exemplary 
method Includes viewing rules for encoding a PIN, en- 
coding the PIN in accordance with the rules, transmitting 
the encoded PIN over a wireless connection and if said 
PIN is valid, engaging in an activity. 
10 [0010] In still another embodiment, an exemplary 
method includes transmitting, for display, rules for using 
the wireless device to encode data transmitted over the 
wireless connection; receiving data encoded in accord- 
ance with the rules; and decoding the encoded data. 
« [0011] Thus, in accordance with the present inven- 
tion, a user of a conventional remote control device is 
provided with a convenient mechanism for transmitting 
sensitive data over a wireless connection in a secure 
manner. 

[001 2] Other and further aspects of the present inven- 
tion will become apparent during the course of the fol- 
lowing description and by reference to the attached 
drawings. 

BRIEF DESCRIPTION OF THE DRAWINGS 

[0013] FIG. 1 is a block diagram of an overview of an 
exemplary system for enabling a user of a remote con- 
trol device to conduct secure transactions. 
[0014] FIG. 2 is a block diagram of an exemplary ter- 
minal device. 

[0015] FIG. 3 is a flowchart illustrating an exemplary 
process by which the terminal device of FIG. 3 enables 
secure entry of a PIN. 

[0016] FIGS. 4A-4C illustrate exemplary coding 
records generated during the process of FIG. 3. 
[0017] FIGS. 5A-5E illustrate exemplary screens dis- 
played to the user during the process of FIG. 3. 

DETAILED DESCRIPTION 

[0018] Referring now to FIG. 1 , there is shown, in ac- 
cordance with one embodiment of the present invention, 
a system 100 for enabling a user of a remote control 
device to conduct secure transactions. 
[0019] As shown in FIG. 1, system 100 includes an 
electronic device 1 1 0, a remote controller J20 and a ter- 
minal device 200. The electronic device 110 may be a 
television with a set-top box, a personal computer, etc., 
or any device with a display 112, such as a cathode ray 
tube. Device 110 also includes an infrared receiver 114 
for receiving conventional control commands from re- 
mote controller 120. 

[0020] As further shown in FIG. 1, remote controller 
120 includes a numeric key pad 1£2, function keys 124, 
infrared transmitter 1 26 and/or radio frequency transmit- 
ter 128. Transmitter 128 may be, for example, a low 
power radio frequency ("LPRP) transmitter such as a 
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Bluetooth transmitter. In one embodiment, remote con- 
troller 120 uses infrared transmitter 126 to transmit con- 
ventional control commands (e.g., On, Off, Channel Up, 
Volume Down, etc.) to electronic device 1 10. A user em- 
ploys numeric keypad 1 22 and function keys 1 24 to en- 
ter the control commands in a conventional manner. 
[0021] Terminal device 200 of FIG. 1 includes a smart 
card-based application by which a user of remote con- 
troller 120 can conduct secure transactions with service 
provider 140. Jhe smart card-based application may re- 
quire the user to transmit a personal identification 
number ("PIN"), payment information and/or other sen- 
sitive data to terminal 2Q0 for a variety of reasons in- 
cluding, but not limited to, ensuring that the transaction 
is authorized. The user transmits such data to terminal 
device 200 using either infrared transmitter 126 or radio 
frequency transmitter 128 of remote controller 120, de- 
pending upon the type of receiver employed by terminal 
200 for this purpose. (As also shown in FIG. 1 , terminal 
device 200 includes infrared and/or radio frequency re- 
ceivers (220, 222) for receiving such information from 
controller 120.) The user employs numeric keypad 122 
and function keys 124 to transmit sensitive data to ter- 
minal 200. Moreover, one of the functjon keys 124 can 
be predefined to permit switching transmissions be- 
tween electronic device 110 and terminal 200. 
[0022] In accordance with the present invention, ter- 
minal 200 advantageously guides the user through the 
process of encoding sensitive data, prior to transmission 
to terminal 200, thereby ensuring that the transmission 
of such data is secure. Guidance is provided in the form 
of instructions and/or other information displayed to the 
user on display 112 of electronic device 11 0, as will be 
discussed in detaif hereinafter in connection with FIG. 
3. Thus, in accordance with the present invention, sen- 
sitive data can be transmitted in a secure manner from 
a standard remote controller 120, which otherwise does 
not have a mechanism for encoding data. 
[0023] Once terminal 200 has decoded and validated 
the received PIN, the user is permitted to carry on the 
requested transaction with service provider 140. This 
may require the user to select from various application- 
specific options from display 1 1 2 relating to the transac- 
tion using remote controller 120. Such transactions may 
include purchasing goods or services over the Internet, 
purchasing a "Pay-Per-View 0 movie from a cable televi- 
sion operator, conducting electronic banking and the 
like, which typically involve transmitting payment infor- 
mation, such as acreditcard number, to service provider 
1 40. To this end, terminal device 200 is coupled to serv- 
ice provider 140 via a data connection 150 such as a 
cable television connection, an Internet connection, a 
wireless connection, or the like. 
[0024] FIG. 2 is a block diagram of an exemplary ter- 
minal device 200. In one embodiment, terminal device 
200 includes a CPU 205 together with associated mem- 
ory (210, 215) for enabling a PIN and/or or other infor- 
mation necessary for conducting a secure transaction, 



to be transmitted by remote controller 200 over a wire- 
less connection in a secure manner, as will be discussed 
in detail hereinafter in connection with FIG. 3. 
[0025] As shown in FIG. 2, CPU 205 is also coupled 
5 to graphics chip 230 for interfacing with display 112 of 
electronic device 1 10 to display instructions to the user 
for use in encoding data, such as a PIN, fortransmission 
to terminal 200. The displayed instructions are derived, 
in part, from data that CPU 205 receives from random 

10 number generator 235, as also will be discussed In detail 
hereinafter in connection with FIG. 3. CPU 205 is also 
coupled to an infrared or radio frequency receiver (220, 
222) for receiving the encoded PIN and subsequent 
commands from remote controller 120. The user's PIN 

is is pre-stored in smart card 225 of user terminal 200. It 
will be understood that smart card 225, being a detach- 
able device, allows various users, each with their own 
smart card 225 having their own PIN pre-stored therein, 
to transmit information over a wireless connection in a 

20 secure manner via a "public" terminal 20j0, provided that 
the terminal also includes a mechanism for communi- 
cating with service provider 140. CPU 205 decodes the 
encoded PIN in accordance with the decoding rules 
stored in memory (210, 215). CPU 205 then validates 

25 the decoded PIN by comparing it with the PIN received 
from smart card 225 Jf the decoded PIN is a valid PIN, 
the user is provided access to service provider 140 via 
communications port 240. 

[0026] In an alternate and perhaps even more secure 
30 embodiment, the hardware and software necessary for 
conducting secure transactions resides entirely within 
smart card 225 or other secure detachable device. In 
this alternate embodiment, the random number gener- 
ator 230 resides in card 225 and both the receivers^220, 
35 222) and graphics chip 230 are connected directly to 
card 225. In other words, all receiving, decoding and val- 
idating of PINs are performed by smart card 225 (i.e., 
the smart card's CPU and associated memory). In this 
way, information relating to the PIN is not shared with 
40 main CPU 205. Thus, in this embodiment, CPU 205 and 
associated memory (210, 215) are used only for con- 
ducting the requested transaction after it has been au- 
thorized by smart card 225. 

[0027] In a yet another embodiment, all of the hard- 
45 ware and software necessary for conducting secure 
transactions In accordance with the present Invention 
resides at service provide 140, rather than within termi- 
nal 200. Thus, in this embodiment, service provider 140 
generates instructions and/or other information neces- 
50 sary to visually guide the user through the process of 
encoding the PIN. In this regard, service provider 140 
transmits this information via data connection 1 50 to the 
terminal device 200 for presentation to the user on dis- 
play 112. Also, all remote controller 12p commands 
55 needed for conducting secure transactions (e.g., encod- 
ed digits of a PIN) are transmitted to service provider 
140 via terminal device 200. Thus, in this embodiment, 
decoding and validating of PINs is performed at service 
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provider 140, rather than at terminal 200. 
[0028] FIG. 3 is a flowchart illustrating an exemplary 
process by which terminal 200 enables a user of a re- 
mote control device to conduct secure transactions. In 
step 305 of FIG. 3, terminal 200 receives a request for 
a transaction from a user of remote controller 120. The 
user may transmit the request to terminal 200 over the 
infrared or RF connections, e.g., by depressing a func- 
tion key 124 of controller 120 that has been pre-defined 
for this purpose. In step 310, terminal 200 determines 
the length of the PIN needed to conduct the requested 
transaction; more secure transactions may require entry 
of a longer PIN. It is to be understood that the data that 
can be transmitted in accordance with the present in- 
vention is not limited to PINS, but rather, can include any 
data sought to be transmitted in a secure manner over 
a wireless connection. Such dataincludes, but is not lim- 
ited to, user account information or credit card numbers 
used to pay for goods or services that are the subject of 
the requested transaction. 

[0029] Steps 31 5-330 of FIG. 3 relate to an exemplary 
methodfor generating the encoding rules that will be dis- 
played to the user to guide him through the process of 
encoding his PIN for secure transmission. These rules 
will also be stored by terminal 200 for decoding the en- 
coded PIN received from the user. FIGS. 4A-C illustrate 
exemplary coding records generated during steps 
31 5-330; thus, each of these figures is referenced below 
in connection with the discussion of these steps. 
[0030] In step 315, terminal 200 generates and stores 
a first set of numbers 0-9. The first set of numbers is 
shown in FIG. 4A. In step 320, terminal 200 generates 
and stores a second set of numbers 0-9, wherein the 
numbers of the second set are placed in random order, 
as shown in FIG. 4B. The second set of numbers is gen- 
erated using random number generator 230 in amanner 
well-known in the art. In step 325 of FIG. 3, terminal 200 
associates each number in the first set with a number 
in the second set, as illustrated by the vertical lines in 
FIG. 4C. In step 330< terminal 200 stores this associa- 
tion for purposes of both displaying it to the user to guide 
him through the encoding process and thereafter using 
it to decode an encoded PIN received from the user. 
[0031] It is to be understood that the above-described 
association is intended to be illustrative rather than lim- 
iting. For example, the first set of numbers, rather than, 
or in addition to, the second set of numbers, could also 
be randomly generated. Also, the association^may in- 
clude characters such as letters of the alphabet or sym- 
bols (e.g., %, &, etc.) rather than, or in addition to, nu- 
merals, provided that the remote controller 120 includes 
keys for transmitting such letters or symbols as the need 
arises. 

[0032] In step 335, terminal 200 displays the associ- 
ation of FIG. 4C to the user. In step 340, the user is 
prompted to transmit a number from the first set of num- 
bers that is associated with the number in the second 
set that corresponds to the first digit of the user's previ- 



ously assigned or selected PIN. In step 345, terminal 
400 receives the first encoded digit of the user's PIN. In 
step 350, terminal 200 prompts the user to transmit a 
number from the first set that is associated with the 
5 number in the second set that corresponds to the next 
digit of the user's PIN. In step 355, the next encoded 
digit of the PIN is received. In step 360, terminal 200 
determines whether the digit received in step 350 was 
the last digit of the user's PIN.-lf the digit received was 
not the last digit, then steps 350 ajid 355 are repeated. 
If the digit received was the last digit, then, in step 365, 
terminal 200 decodes the encoded PIN by comparing 
each digit of the encoded PIN^with the stored associa- 
tion. 

[0033] In step 370, terminal 200 then determines 
whether the decoded PINJsavalid PIN. If the decoded 
PIN is a valid PIN, in step 375, terminal 200 provides 
the user with access to the requested transaction. If, 
however, it is determined in step 370 that the decoded 
PIN is not valid, then the process set forth in steps 315 
through 370 is repeated in attempting to obtain a valid 
PIN from the user. Recall that steps 315-330 relate to 
generating the encoding rules displayed to the user. 
These rules are preferably changed whenever a re-at- 
tempt is made at obtaining a valid PIN or each time there 
is a new request for a transaction, as an added measure 
of security. 

[0034] FIGS. 5A-5E illustrate an exemplary user in- 
terface displayed during the process of FIG. 3. For pur- 
poses of illustration, it is assumed that the user's PIN is 
"7654". FIG. 5A illustrates the first screen displayed to 
the user (i.e.,' before the user has transmitted any digits 
of an encoded PIN to terminal 200). As shown in FIG. 
5A, the screen displayed to the user includes the asso- 
ciation 502between the first set of numbers and the sec- 
ond set of numbers generated by terminal 200, as dis- 
cussed above in connection with FIG. 3, The screen also 
includes instructions 504 for using the displayed asso- 
ciation to encode the first digit of the user's PIN. In par- 
ticular, the instructions request the user to use remote 
controller 12Q to enter a number from set 1 which ap- 
pears directly above the number in set 2 that corre- 
sponds to the first digit of the user's PIN. The displayed 
association 502 together with the instructions 504 for us- 
ing them are one example of rules for encoding a user's 
PIN. The user, knowing that his PIN is "7654", and view- 
ing the on-screen association 502 between the first and 
second sets of numbers, will select the number "2". This 
is because the number "2" in the first set appears directly 
above the number n 7 M in the second set, which, in turn, 
corresponds to the first digit of his PIN. The user will 
then use remote controller 120 to transmit the number 
"2" to terminal 200 as the first digit of his encoded PIN. 
Screen 500 also Includes fields 506 for providing the us- 
er with visual feedback that the transmitted digits have 
been received by terminal 200, as will become apparent 
in connection with the discussion of FIGS. 5B-5E. 
[0035] FIG. 5B illustrates the second screen dis- 
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played to the user. As shown In FIG. 5B, the second 
screen contains substantially the same information as 
the first screen, except that an asterisk appears in fietd 
506a to provide the user with visual feedback that the 
first digit has been received. It will be understood that s 
the use of an asterisk in this manner is intended to be 
illustrative, rather than limiting, and that any mechanism 
for providing visual feedback may be employed. The on- 
ly other difference between the first and second screens 
is that the second screen's instructions are directed to 
requesting entry of the second digit of the user's PIN, 
rather than the first digit, in accordance with the dis- 
played association. Once again, since the user's PIN is 
"7654", the user will select and enter via remote control- 
ler 120, the number n 6 a from thelirst set of association 
502 because it appears directly above the number n 6 M 
in the second set, which corresponds to the second digit 
of his PIN. 

[0036] PIG. 5C illustrates the third-screen displayed 
to the user. As shown in FIG. 5C, the third screen con- 
tains substantially the same information as the previous 
screens, except that an asterisk now appears in both 
fields 506a and 506b, indicating that the second digit 
transmitted has also been received. In addition, the third 
screen's instructions are directed to requesting entry of 
the third digit of the user's PIN in accordance with the 
displayed association, Since the user's PIN is "7654", 
the user will select and enter the number "8" from the 
first set of the displayed association because it appears 
directly above the number "5" in the second set, which 
corresponds to the third digit of his PIN. 
[0037] FIG. 5D illustrates the fourth screen displayed 
to the user. Asterisks now appear in fields 506a-c, indi- 
cating that the third digit transmitted has also been re- 
ceived. Also, the fourth screen's instructions are direct- 
ed to requesting entry of the fourth digit of the user's 
PIN. The user will select the number "0" from the first 
set of the displayed association because it appears di- 
rectly above the number "4" in the second set, which 
corresponds to the fourth and final digit of his PIN. 
[0038] FIG. 5E illustrates the last screen displayed to 
the user. Asterisks now appear in all fields 506a-d, indi- 
cating that all four digits of the user's PIN have been 
received. The last screen's instructions are directed to 
requesting that the user stand by while the user's PIN 
is validated. As discussed above in connection with FIG. 
3, if the decoded PIN is valid, the user is provided with 
access to the requested service/transaction. If, howev- 
er, it is determined that the decoded PIN is not valid, 
then a screen indicating such may be displayed and, 
thereafter, the first screen of FIG. 5A may be re-dis- 
played to request re-entry of an encoded PIN in accord- 
ance with a newly generated association 502 (i.e., the 
association is changed each time by terminal 200 as an 
added measure of security). 

[0039] The many features and advantages of the 
present invention are apparent from the detailed speci- 
fication, and thus, it is intended by the appended claims 



to cover all such features and advantages of the inven- 
tion which fall within the true spirit and scope of the in- 
vention. 

[0040] Furthermore, since numerous modifications 
and variations will readily occur to those skilled in the 
art, it is not desired that the present invention be limited 
to the exact construction and operation illustrated and 
described herein, and accordingly, all suitable modifica- 
tions and equivalents which may be resorted to are in- 
tended to fall within the scope of the claims. For exam- 
ple, it is to be understood thatthe above-described hard- 
ware and functionality of electronic device 110 and ter- 
minal device 1 20 could be combined into a single device 
without departing from the spirit and scope of the 
invention. 



A method for enabling a user to transmit data in a 
secure manner over a wireless connection, com- 
prising: 

displaying rules for encoding data; 
receiving encoded data over a wireless con- 
nection; and 

decoding the encoded data. 

The method of claim 1 , wherein the data comprises 
a personal identification number ("PIN 0 ). 

1"he method of claim 2, wherein the data comprises 
payment information. 

The method of claim 1 , wherein the rules are auto- 
matically changed in a predetermined manner. 

The method of claim 1 , wherein the rules are dis- 
played on a display of a device selected from the 
group consisting of a television and a personal com- 
puter. 

The method of claim 5, wherein the encoded data 
is received from a remote control device. 

The method of claim 6, wherein the remote control 
device is used to operate the device on whose dis- 
play the rules are displayed. 

The method of claim 1 , wherein the wireless con- 
nection is an infrared or radio frequency wireless 
connection. 

The method of claim 8, wherein the radio frequency 
wireless connection is a low power radio frequency 
("LPRF") connection. 

10. The method of claim 9, wherein the LPRF connec- 
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tion is a Bluetooth connection. 

11. The method of claim 1, wherein the encoded data 
Is decoded using the displayed rules. 

12. The method of claim 2, further comprising: 

validating the PIN; and 

if the PIN is valid, permitting the user to engage 
in an activity. 

13. The method of claim 12, wherein the step of validat- 
ing comprises: 

determining whether the PIN matches a PIN 
stored in a smart card. 

14. A method for enabling a user to transmit data in a 
secure manner over a wireless connection, com- 
prising: 

viewing rules for encoding data for secure 
transmission over the wireless connection; 
encoding the data in accordance with the rules; 
and 

transmitting the encoded data over the wireless 
connection. 

15. The method of claim 14, wherein the data compris- 
es a personal identification number ("PIN' 1 ). 

16. The method of claim 14, wherein the data compris- 
es payment information. 

17. The method of claim 14, wherein the rules are au- 
tomatically changed in a predetermined manner. 

18. The method of claim 14, wherein the encoded data 
includes digits selected from the group consisting 
of numeric, alphabetic and symbolic characters. 

19. The method of claim 14, wherein the rules are 
viewed on a display of a television, personal com- 
puter or a secured user interface. 

20. The method of claim 14, wherein the wireless con- 
nection is an infrared or radio frequency wireless 
connection. 

21 . The method of claim 20, wherein the radio frequen- 
cy wireless connection is a low power radio frequen- 
cy ("LPRF") connection. 

22. The method of claim 21 , wherein the LPRF connec- 
tion is a Bluetooth connection. 

23. The method of claim 15, further comprising: 



if the PIN is valid, engaging in an activity other- 
wise not permitted without a valid PIN. 

24. The method of claim 23, wherein the step of validat- 
5 ing includes determining whether the PIN matches 

a PIN stored in a smart card. 

25. A system for enabling a user of a remote control 
device to transmit data in a secure manner over a 

10 wireless connection, comprising: 

a memory device storing a program; and 
a processor in communication with the memory 
device, the processor operative with the pro- 
fs gram to: 

display rules for encoding data; 
receive encoded data over a wireless con- 
nection; and 
20 decode the encoded data. 

26. The system of claim 25, wherein the data comprises 
a PIN. 

25 27. The system of claim 25, wherein the encoded data 
is received from a remote controller. 

26. The method of claim 25, wherein the processor is 
further operative with the program to validate the 
30 decoded data. 

29. The system of claim 25 , wherein the memory device 
and processor reside within a smart card. 

35 30. A system for enabling a user of a remote control 
device to transmit data in a secure manner over a 
wireless connection, comprising: 

a memory device storing a program; and 
40 a processor in communication with the memory 

device, the processor operative with the pro- 
gram to: 

display rules for encoding a PiN; 
45 receive an encoded PIN over a wireless 

connection from a remote controller; 

decode the encoded PIN; 

validate the PIN; and 

if said PIN is valid, permit access to an ac- 
50 tivity. 

31 . The system of claim 30, wherein the memory device 
and processor reside within a smart card. 

55 
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Receive a request 
for a service session 
from a user 



Determine the length of 
the PIN needed for access 
to the service 



I 



Generate and store a first 
set of numbers 0-9 



I 



Generate and store a second 
set of numbers 0-9, wherein 
the numbers of the second 
set are placed in random order 



Associate each number in 
the first set with a number 
in the second set ^ G 



Store the association 



I 



Display the association 
to the user 
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,310 



315 



320 



.325 



330 



335 



Prompt the user to 
select a number from 
the first set that is associated 
with a number in the second 
set that corresponds to the first 
digit of the user's PIN 



340 



Receive the first digit 
of the encoded PIN 



.345 



Fig. 3 
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Prompt the user to select a 
number from the first set 
that is associated with a 
number in the second set 
that corresponds to the next 
digit of the user's PIN 
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Example of the user interface display when a user's real PIN is "7654 
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please enter a 
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appears directly 
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of your PIN. 
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User entered "6" in response to display of FIG. 5B. 
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User entered "0" in response to display of FIG. 5D 
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